TechSpot

Possible to Read Encrypted Snoop traces?

By MattG
Mar 6, 2005
  1. Hey Everyone,

    I work for a software company, and we support Sun Solaris 2.8 and 2.9.

    A little background on the software first. Mainly, it's a Network Management Suite. However, we have the ability to launch an SSH client against the selected model you have, say a router.

    Now, in this scenario we have 3 machines.
    1 - The Server
    2 - The Device
    3 - The Machine you are connecting from

    I set my fourth machine to snoop box number 3. I proceeded to connect to Machine number 1 from Machine 3. I connected to Number 2 via the Java SSH client. I logged in, did a few things, yada yada, logged out.

    I stopped the trace and opened Ethereal to view it. Now, it is encrypted for the most part. Aside from giving me the user name I logged in with (root), it does not give me the password. Which is how it is designed (SSH, that is).

    I am just wondering if there is some other way I should be aware of that could give this password away. Some sort of script kiddie thing, something that can run locally if said were hacked, etc.

    The reason I am asking is that I was asked by a customer (I am in support here) if the line was secure from machine 3 to 1, knowing that it launches an SSH session from 1 to 2, and NOT from machine 3 to 2.

    However, it does appear to me that it's secure for the most part.

    Thanks for any help guys.

    -Matt
     
  2. Nodsu

    Nodsu TS Rookie Posts: 9,431

    SSH is line-secure. There are some buggy implementations with rather theoretical man-in-the-middle attack possibilities. If you are all patched up then there should be no problem.

    The biggest problems with SSH are the machines themselves:
    server masquerading - you are tricked into connecting to some other machine instead of the one you intended (not many people bother to check the fingerprints).
    compromised server - the SSH daemon on the server machine has some extra "features" like reporting your password to someone.
    compromised client - you have a keylogger or a modified SSH client again recording your password.

    Of course the SSH sessions can be brute-forced but that is hardly something a script kiddie can do if you use decent encryption.
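
The fingerprint check mentioned in the reply above, as an added example that is not part of the original posts: it parses a known_hosts-style line, computes the MD5 and SHA256 host key fingerprints in the formats OpenSSH displays, and compares them with a fingerprint obtained out of band. The function names, the host name and both keys are constructed for illustration.

```python
import base64, hashlib, hmac, struct

def _ssh_string(data: bytes) -> bytes:
    # SSH wire format: 4-byte big-endian length followed by the bytes
    return struct.pack(">I", len(data)) + data

def make_host_line(host: str, key_type: str, key_bytes: bytes) -> str:
    # Builds a constructed "host keytype base64" line (sample data only)
    blob = _ssh_string(key_type.encode()) + _ssh_string(key_bytes)
    return f"{host} {key_type} {base64.b64encode(blob).decode()}"

def parse_host_line(line: str):
    parts = line.split()
    if len(parts) < 3:
        raise ValueError("expected: host keytype base64-blob")
    host, key_type, b64 = parts[:3]
    blob = base64.b64decode(b64, validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    # The blob embeds its own key type; reject lines where the two disagree
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type field does not match key blob")
    return host, key_type, blob

def fingerprints(blob: bytes) -> dict:
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {
        "md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),  # legacy format
        "sha256": "SHA256:" + sha,                               # current format
    }

def verify_host(line: str, pinned: str) -> bool:
    # pinned: fingerprint read from the server console or given by its admin
    _, _, blob = parse_host_line(line)
    return any(hmac.compare_digest(fp, pinned)
               for fp in fingerprints(blob).values())

# Constructed sample keys: the genuine server and a masquerading one
GENUINE = make_host_line("server1.example", "ssh-ed25519", bytes(range(32)))
IMPOSTOR = make_host_line("server1.example", "ssh-ed25519", bytes(range(1, 33)))
PINNED = fingerprints(parse_host_line(GENUINE)[2])["sha256"]

if __name__ == "__main__":
    for name, line in (("genuine", GENUINE), ("impostor", IMPOSTOR)):
        print(name, "OK" if verify_host(line, PINNED) else "FINGERPRINT MISMATCH")
```
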
     
  3. Nodsu

    Nodsu TS Rookie Posts: 9,431

  4. MattG

    MattG TS Rookie Topic Starter Posts: 147

    Thanks man. Exactly what I was looking for.
     
Topic Status:
Not open for further replies.

